Pandora Fms Security Vulnerabilities and Issues — Pandora Fms CVE List

Lucene search

ArticaPandora Fms

4 matches found

CVE•added 2017/10/27 8:29 p.m.•40 views

CVE-2017-15936

In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.

5.4CVSS5.3AI score0.0027EPSS

CVE•added 2017/10/27 8:29 p.m.•37 views

CVE-2017-15934

Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.

5.4CVSS5.3AI score0.0027EPSS

CVE•added 2017/10/27 8:29 p.m.•36 views

CVE-2017-15937

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).

6.5CVSS6.3AI score0.00309EPSS

CVE•added 2017/10/27 8:29 p.m.•34 views

CVE-2017-15935

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

9CVSS7.3AI score0.00391EPSS